Bug 2373464 - kernel: scsi: iscsi: Fix HW conn removal use after free
Keywords:
Status: NEW
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability-draft
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-06-18 12:04 UTC by OSIDB Bzimport
Modified: 2025-09-04 18:07 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-06-18 12:04:12 UTC
In the Linux kernel, the following vulnerability has been resolved:

scsi: iscsi: Fix HW conn removal use after free

If qla4xxx doesn't remove the connection before the session, the iSCSI
class tries to remove the connection for it. We were doing an
iscsi_put_conn() in the iter function which is not needed and will result
in a use after free because iscsi_remove_conn() will free the connection.

Comment 1 Avinash Hanwate 2025-06-20 03:11:23 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025061839-CVE-2022-50031-f2bc@gregkh/T

Comment 5 TEJ RATHI 2025-08-20 11:44:41 UTC
This CVE has been rejected by the Linux kernel community. Refer to the announcement: https://lore.kernel.org/linux-cve-announce/2025081148-REJECTED-b84a@gregkh/

Comment added by: Automated Script

